[Desktop-packages] [Bug 1895643] Re: Backport Thunderbird 78 to 20.04 LTS and 18.04 LTS
Please expedite upgrading Thunderbird to version 78.7. Multiple remote vulnerabilities have been reported in older clients. Refer to the following CVE reports for additional detail: https://nvd.nist.gov/vuln/detail/CVE-2020-15685 https://nvd.nist.gov/vuln/detail/CVE-2020-26976 https://nvd.nist.gov/vuln/detail/CVE-2021-23953 https://nvd.nist.gov/vuln/detail/CVE-2021-23954 https://nvd.nist.gov/vuln/detail/CVE-2021-23960 https://nvd.nist.gov/vuln/detail/CVE-2021-23964 Also see https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/ ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15685 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-26976 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23953 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23954 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23960 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23964 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to thunderbird in Ubuntu. https://bugs.launchpad.net/bugs/1895643 Title: Backport Thunderbird 78 to 20.04 LTS and 18.04 LTS Status in thunderbird package in Ubuntu: Fix Released Status in thunderbird source package in Bionic: Triaged Status in thunderbird source package in Focal: Fix Committed Status in thunderbird source package in Groovy: Fix Released Bug description: Upstream Thunderbird version 78.2.2 should be a candidate for backporting to stable Ubuntu releases. I've successfully built 78.2.1 against both with forcing nodejs version (20.04, 18.04) and disabling AV1 support due to too old nasm (18.04). Attaching debdiffs here. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1895643/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1791477] Re: Thunderbird Multiple Security Vulnerabilities
*** This bug is a duplicate of bug 1786951 *** https://bugs.launchpad.net/bugs/1786951 Someone from the Ubuntu security team should determine if this bug should be marked as a duplicate of Bug #1786951: Update to 60.0, which appears to be a non-security bug that is limited in scope (applies to Cosmic release only). -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to thunderbird in Ubuntu. https://bugs.launchpad.net/bugs/1791477 Title: Thunderbird Multiple Security Vulnerabilities Status in thunderbird package in Ubuntu: New Bug description: Per Mozilla Foundation Security Advisory 2018-19, multiple critical and high security vulnerabilities exist in the current version of Thunderbird (1:52.9.1+build3-0ubuntu0.18.04.1). These security vulnerabilities are listed at https://www.mozilla.org/en- US/security/advisories/mfsa2018-19/ It is recommended that Thunderbird be upgraded to version 60 for all supported Ubuntu flavors. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1791477/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp